4 matches found
actionpack Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the simpleformat helper in actionpack/lib/actionview/helpers/texthelper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute...
CVE-2013-6416
Cross-site scripting XSS vulnerability in the simpleformat helper in actionpack/lib/actionview/helpers/texthelper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute...
XSS Vulnerability in simple_format helper
The simpleformat helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass...
XSS Vulnerability in simple_format helper
There is a vulnerability in the simpleformat helper in Ruby on Rails. The simpleformat helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped...